<?php

$__FILEPATH__ = dirname(__FILE__)."/";
require_once($__FILEPATH__."./func_common.php");
require_once($__FILEPATH__."./class_def.php");
require_once($__FILEPATH__."./conf/info.php");

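// Password-change endpoint for the currently logged-in user.
// Flow: require a session, validate the three POSTed fields, check the old
// password against the stored hash, then write the new hash.
session_start();

// Without a logged-in session there is nothing to change: answer 403 and stop.
if (!isset($_SESSION["user"]))
{
	header("HTTP/1.1 403 Forbidden");
	exit(0);
}

header("Content-Type: text/html; charset=UTF-8");

$mysqli = GetMysqliInstance();

// NOTE(review): this state-changing POST is authorised by the session cookie
// alone; no anti-CSRF token is checked in this file. The old-password
// requirement limits the impact, but confirm whether a token is enforced
// elsewhere.
if (isset($_POST["submit"])
	&& isset($_POST["oldpassword"])
	&& isset($_POST["password"])
	&& isset($_POST["confirm"]))
{
	$in_old 	= $_POST["oldpassword"];
	$in_new 	= $_POST["password"];
	$in_confirm = $_POST["confirm"];

	// A field submitted as name[]=... arrives as an array. md5() cannot hash
	// an array (TypeError on PHP 8, NULL plus a warning before that), so
	// anything that is not a non-empty string is rejected as empty input.
	if (!is_string($in_old) || !is_string($in_new) || !is_string($in_confirm)
		|| $in_old === "" || $in_new === "" || $in_confirm === "")
		die("输入不能为空");

	// Strict comparison: with != two numeric-looking strings such as "1e3"
	// and "1000" compare as numbers, and the mismatch would go unnoticed.
	if ($in_new !== $in_confirm)
		die("两次输入的密码不一致");

	$username 		= $_SESSION["user"];
	// NOTE(review): unsalted MD5 is not suitable for password storage. Moving
	// to password_hash()/password_verify() has to be done together with the
	// login and registration code, which is not visible here, so the stored
	// format is left unchanged.
	$password 		= md5($in_new);
	$oldpassword 	= md5($in_old);

	$stmt_judge = $mysqli->prepare("select password from userlist where username = ?");
	// prepare() returns false on failure unless mysqli is in exception mode;
	// calling bind_param() on false would be a fatal error.
	if (!$stmt_judge)
		die("服务器错误~");
	$stmt_judge->bind_param("s", $username);
	if (!$stmt_judge->execute())
		die("原密码错误~");
	$stmt_judge->bind_result($r_password);

	// hash_equals() compares the two hex digests as strings and in constant
	// time. With != two digests of the form "0e<digits>" are both numeric
	// strings and compare equal, so a wrong old password could be accepted.
	// is_string() covers a NULL password column, which hash_equals() rejects.
	if ((!$stmt_judge->fetch())
		|| !is_string($r_password)
		|| !hash_equals($r_password, $oldpassword))
	{
		die("原密码错误~");
	}
	$stmt_judge->close();

	$strsql = "update userlist set password = ? where username = ?";
	$stmt = $mysqli->prepare($strsql);
	if (!$stmt)
		die("服务器错误~");
	$stmt->bind_param("ss", $password, $username);
	if ($stmt->execute())
	{
		$stmt->close();
		// NOTE(review): the session id is not rotated after the credential
		// change, and other sessions of this user are not invalidated here.
		echo "<script type='text/javascript'> alert('修改成功!'); history.go(-2);</script>";
	}
	else
	{
		$stmt->close();
		die("服务器错误~");
	}
}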

?>